Preventing Database Security Issues

Stolen Database Backups

The ideal prevention strategy for this problem is to encrypt the data. Encrypting database backups protects sensitive data while it is transported for offsite storage (Burtescu, 2009). The data is usually transported on disk or tape. For instance, since customers of Wal-Mart Stores, Inc. use their credit cards for shopping, the company has the responsibility of ensuring that their personal details are secure on the backup drives. The company handles this issue by using Secure Socket Layer (SSL) certificates that help it encrypt sensitive information before it is transmitted over the internet (Burtescu, 2009).

  1. The remote backup site is sometimes also called the
     a) Primary site
     b) Secondary site

The answer is b.

Weak Passwords

A significant way for an organization to avoid weak passwords is to implement password policies. The organization should also ensure that employees strictly follow the implemented policies. A password should be at least six characters long and should include special characters and numbers (Akanji & Elusoji, 2014). Employees should also change their passwords at defined intervals. For example, the International Business Machines Corporation eliminates weak passwords by adopting technical controls that require strong passwords. The organization applies a feedback loop to strengthen its security and password initiatives.

  1. A good password is?
     a) Predictable
     b) Random

The answer is b.

Missing Patches

Hackers can take advantage of vulnerabilities in operating systems and applications. The organization can prevent hacking by making sure that all systems connected to the internet have the required operating system and application security patches and updates (Akanji & Elusoji, 2014). To deal with missing security updates, organizations such as Infinite Computer Solutions use the new Nessus consolidated “Patch Report” plugin to identify the patches to apply to protect their systems.

  1. Which of the following steps comes first in the patching process?
     a) Understand the files, functions, and operations of the patch
     b) Prioritize and rate the severity of the patch

The answer is a.

Duplicate Passwords

Regarding this issue, individuals and companies should use the best password managers to help protect their identities through regular security audits. With a password manager, when one wants to log into a website, he or she will type the password into the password manager instead of the website (Burtescu, 2009). Password managers that individuals and organizations can use include Dashlane, Enpass, LastPass, and RoboForm. The Enpass password audit displays any weak or duplicate passwords so that one can change them at any time. For instance, an organization such as Microsoft uses Enpass on its Windows PC and Windows 10 UWP. The password manager uses an algorithm that runs an internal scan and indicates which passwords are duplicated so that the user can change them.

  1. Which of the following is not a password manager?
     a) Dashlane
     b) CNET

The answer is b.

Excessive and Unused Privileges

The mitigations for this problem include the following. First, the organization can implement a user rights management strategy. The strategy involves aggregating user rights into a single repository to improve the efficiency of reporting on and analyzing user access to sensitive data. In addition, the organization can identify and eliminate excessive rights and dormant users (Akanji & Elusoji, 2014). For example, the University of North Carolina at Charlotte had the same problem, and it handled it by identifying users that had excessive privileges and reducing those privileges to protect its system against malware compromise.
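
The rights review described above can be sketched as follows. This is an added example, not code from the essay or its cited sources; the table layout, sample users, and 90-day idle window are assumptions made for illustration.

```python
import sqlite3
from datetime import date, timedelta

# Constructed sample data: grants from two databases and a privilege-usage log.
GRANTS = [  # (source_db, user, object, privilege)
    ("hr_db", "alice", "employees", "SELECT"),
    ("hr_db", "alice", "salaries", "UPDATE"),
    ("hr_db", "bob", "employees", "SELECT"),
    ("sales_db", "bob", "orders", "DELETE"),
    ("sales_db", "carol", "orders", "SELECT"),
]
ACCESS_LOG = [  # (user, object, privilege, day the privilege was used)
    ("alice", "employees", "SELECT", "2024-05-28"),
    ("bob", "employees", "SELECT", "2024-05-30"),
    ("carol", "orders", "SELECT", "2023-11-02"),
]

def build_repository():
    """Aggregate all grants and usage records into one in-memory repository."""
    repo = sqlite3.connect(":memory:")
    repo.execute("CREATE TABLE grants (source_db, user, object, privilege)")
    repo.execute("CREATE TABLE access_log (user, object, privilege, used_on)")
    repo.executemany("INSERT INTO grants VALUES (?,?,?,?)", GRANTS)
    repo.executemany("INSERT INTO access_log VALUES (?,?,?,?)", ACCESS_LOG)
    return repo

def dormant_users(repo, today, max_idle_days=90):  # 90 days: assumed policy
    """Users who hold grants but have no logged activity inside the window."""
    cutoff = (today - timedelta(days=max_idle_days)).isoformat()
    rows = repo.execute(
        """SELECT DISTINCT g.user FROM grants g
           WHERE NOT EXISTS (SELECT 1 FROM access_log a
             WHERE a.user = g.user AND a.used_on >= ?) ORDER BY g.user""", (cutoff,))
    return [r[0] for r in rows]

def unused_grants(repo, today, max_idle_days=90):
    """Grants not exercised inside the window: candidates for revocation."""
    cutoff = (today - timedelta(days=max_idle_days)).isoformat()
    rows = repo.execute(
        """SELECT g.source_db, g.user, g.object, g.privilege FROM grants g
           WHERE NOT EXISTS (SELECT 1 FROM access_log a
             WHERE a.user = g.user AND a.object = g.object
               AND a.privilege = g.privilege AND a.used_on >= ?)
           ORDER BY g.user, g.object""", (cutoff,))
    return rows.fetchall()

if __name__ == "__main__":
    repo, today = build_repository(), date(2024, 6, 1)  # fixed date: stable output
    print("dormant users:", dormant_users(repo, today))
    print("unused grants:", unused_grants(repo, today))
```

Each flagged grant is a candidate for the review-and-approve step rather than an automatic revocation, since some rights are legitimately used less often than the idle window.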

  1. Which of the following is not a mitigation to excessive and unused privileges?
     a) Review and approve individual user rights.
     b) Limited security education.

The answer is b.

 

References

Akanji, A. W., & Elusoji, A. A. (2014). A Comparative Study of Attacks on Databases and Database Security Techniques. African Journal of Computing & ICT, 7(5), 1-8.

Burtescu, E. (2009). Database Security-Attacks and Control Methods. Journal of Applied Quantitative Methods, 4(4), 449-454.

 
